
Re: Fortune 100 Company Extranet Security Model



Hi all,

Although you can build your complete security model with LDAP, we found a
good compromise by using LDAP to control access TO THE application; the
access INSIDE AN APPLICATION would still be controlled by the existing,
already programmed, security rules.
In this way we got the best of LDAP without a complete revision of all
existing applications.
Of course, new applications are designed from the beginning to take
advantage of LDAP.

best regards
G. Baruzzi


"Phillip C. Rhodes" wrote:

> All,
> I am a project lead for a large company's Extranet security model.
> Currently, it is predominately Java servlets/JSPs which access
> different databases (Oracle, DB2, etc.) and MQ, etc.
>
> Our security model is implemented in Oracle.  Home grown.  We are
> rapidly growing, I envision thousands of users and  groups.  Right now,
> we use a database table that links a database user or groups to a
> resource.
>
> For example, group "Customer A" will have access to records containing
> their customer number.  We use this table to build SQL queries, or to do
> direct joins to filter records.  What we have is security down to the
> database record level.
>
> This approach has some drawbacks:
> 1)    Maintenance tools must be written to support the tables for
> administration.  Password resets, password policies, group membership,
> etc...
> 2)    Performance-
> 3)    Cumbersome to program in this model
>
> I would be interested in what others may be doing in this arena. Would
> LDAP help us provide record-level data security for diverse datasources
> such as DB2 and Oracle?
>
> Perhaps a hybrid of database and LDAP?  Put the LDAP database backend in
> Oracle?
>
> Just a few questions for now.
>
> Thanks,
> Phillip
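
Added example, not part of either message and not either company's code: a sketch of the two layers discussed in this thread, with a directory group deciding access to the application and the existing group-to-resource table filtering records inside it. The `DIRECTORY` dictionary stands in for an LDAP group lookup, and the group name `extranet-orders`, the table names and the sample rows are all constructed for illustration.

```python
import sqlite3

# Constructed stand-in for the directory: user -> groups. In production this
# would be an LDAP search for the user's group memberships.
DIRECTORY = {
    "alice": {"extranet-orders", "Customer A"},
    "bob": {"extranet-orders", "Customer B"},
    "carol": {"Customer A"},  # knows a customer group, but no application group
}
APP_GROUP = "extranet-orders"  # hypothetical group gating the application


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_no TEXT, item TEXT);
        CREATE TABLE group_resource (grp TEXT, customer_no TEXT);
        INSERT INTO orders VALUES
            (1, 'C100', 'valve'), (2, 'C100', 'pump'), (3, 'C200', 'gasket');
        INSERT INTO group_resource VALUES
            ('Customer A', 'C100'), ('Customer B', 'C200');
    """)
    return db


def visible_orders(db, user):
    groups = DIRECTORY.get(user, set())
    # Layer 1: the directory decides access TO the application (deny by default).
    if APP_GROUP not in groups:
        raise PermissionError(f"{user} may not use this application")
    # Layer 2: the existing database rules decide access INSIDE the application.
    # Group names are bound as parameters, never concatenated into the SQL text.
    marks = ",".join("?" * len(groups))
    sql = (
        "SELECT DISTINCT o.id, o.customer_no, o.item FROM orders o "
        "JOIN group_resource g ON g.customer_no = o.customer_no "
        f"WHERE g.grp IN ({marks}) ORDER BY o.id"
    )
    return db.execute(sql, sorted(groups)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(visible_orders(db, "alice"))
    print(visible_orders(db, "bob"))
```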